EC2.18

Security groups should only allow unrestricted incoming traffic for authorized ports

Severity: HIGH
Cloud Platforms: AWS
Resources: Amazon EC2
Related Standards: AWS Foundational Best Practice, CDR, ISO27001, SOC2, NIST CSF, NIST.800-53.r5
Automated: YES

This control checks whether security groups allow unrestricted incoming traffic. The control fails if a security group allows unrestricted traffic on ports other than 80 and 443, which are the default values for the parameter authorizedTcpPorts.
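The check described above can be reproduced offline against exported security group data. The following is an added example, not the control's own implementation: it assumes input shaped like an EC2 DescribeSecurityGroups response, treats 0.0.0.0/0 and ::/0 as "unrestricted", and assumes that a port range or an all-protocol rule fails when it covers any port outside authorizedTcpPorts. The group IDs and the helper names are constructed for illustration.

```python
# Added example: offline version of the check described above.
# Input mirrors the shape of an EC2 DescribeSecurityGroups response.
AUTHORIZED_TCP_PORTS = frozenset({80, 443})  # defaults of authorizedTcpPorts
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}           # sources treated as unrestricted

def is_unrestricted(perm):
    """True if the rule admits traffic from any IPv4 or IPv6 address."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return any(c in OPEN_CIDRS for c in cidrs)

def evaluate(groups, authorized=AUTHORIZED_TCP_PORTS):
    """Return (GroupId, reason) for every rule that would fail the check."""
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            if not is_unrestricted(perm):
                continue
            proto = perm.get("IpProtocol")
            if proto == "-1":  # all protocols, so every TCP port (assumption)
                findings.append((group["GroupId"], "all traffic"))
            elif proto == "tcp":
                lo, hi = perm["FromPort"], perm["ToPort"]
                # Assumption: a range fails if it covers any unauthorized port.
                if any(p not in authorized for p in range(lo, hi + 1)):
                    findings.append((group["GroupId"], f"tcp {lo}-{hi}"))
    return findings

def rule(proto, lo, hi, *cidrs):
    """Build one constructed IpPermissions entry from CIDR strings."""
    return {"IpProtocol": proto, "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": c} for c in cidrs if ":" not in c],
            "Ipv6Ranges": [{"CidrIpv6": c} for c in cidrs if ":" in c]}

# Constructed sample data; the group IDs are placeholders.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        rule("tcp", 80, 80, "0.0.0.0/0"),
        rule("tcp", 443, 443, "0.0.0.0/0", "::/0")]},
    {"GroupId": "sg-ssh", "IpPermissions": [rule("tcp", 22, 22, "0.0.0.0/0")]},
    {"GroupId": "sg-range", "IpPermissions": [rule("tcp", 80, 443, "::/0")]},
    {"GroupId": "sg-internal", "IpPermissions": [rule("tcp", 22, 22, "10.0.0.0/8")]},
    {"GroupId": "sg-all", "IpPermissions": [rule("-1", -1, -1, "0.0.0.0/0")]},
]

if __name__ == "__main__":
    for group_id, reason in evaluate(SAMPLE_GROUPS):
        print(f"FAIL {group_id}: unrestricted {reason}")
```

The sg-range case shows why a rule for 80-443 fails even though both endpoints are authorized: the range also exposes every port in between.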
